This analysis summarizes Infostealer malware trends observed in June 2025. The data, collected through automated systems, shows changes in both distribution methods and the malware families in circulation. While LummaC2 remained dominant, June saw increased activity from Rhadamanthys, ACRStealer, Vidar, and StealC. A new ACRStealer variant emerged, using techniques such as HTTP Host header domain spoofing and anti-analysis checks. Distribution via crack disguises decreased; of those samples, 94.4% were EXE files and 5.6% used DLL side-loading. One unusual sample created an uncloseable window prompting the user to update their browser. Some samples now hide the archive password inside an image file, a sign of evolving evasion tactics.
Author: AlienVault
Related Tags:
acrstealer
dll-sideloading
T1588.002
stealc
T1547.001
rhadamanthys
T1555
VIDAR
SEO poisoning
Associated Indicators:
SHA-256:
9868233EFD40DB7CA4CA8A74BA02B87FF7AF25CC812A4656FFD36C50D4F9E919
1433F0F5590A42050CA6981DDAC6A10FD407B212DAE565454BCD083B9F19F1CC
A8F62DCF23A98FEF9E2A58AB5D4354FA202BE0ACAA0A3E00942E89D49403A9AF
SHA-1:
4799F47FAC919B33AD235BDDAE6DD53BAFAC728F
1D93A4FFC74DB9BE889CA2B9C66A9C4E31E80B12
6AD298A767EEE3B460BC9374BAE33B99D6E7ECDC
C112707DC426200F5BAEA78D00137783A5DC3199
MD5:
09825DD40BA8BA3C1CE240E844D650A8
08A441A738A7A323ABB97C576F619A22